openssl/openssl.spec

%define major 1.1
%define engines_name %mklibname openssl-engines %{major}
%define libcrypto %mklibname crypto %{major}
%define libssl %mklibname ssl %{major}
%define devname %mklibname openssl -d
%define staticname %mklibname openssl -s -d

%define conflict2 %mklibname openssl 0.9.8

%define with_krb5 %{?_with_krb5:1}%{!?_with_krb5:0}

Summary:	Secure Sockets Layer communications libs & utils
Name:		openssl
Version:	1.1.0b
Release:	1
License:	BSD-like
Group:		System/Libraries
Url:		https://www.openssl.org
Source0:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz
Source1:	ftp://ftp.openssl.org/source/%{name}-%{version}.tar.gz.asc
Source2:	Makefile.certificate
Source3:	make-dummy-cert
Source4:	openssl-thread-test.c
# (oe) support Brazilian Government OTHERNAME X509v3 field (#14158)
# http://www.iti.gov.br/resolucoes/RESOLU__O_13_DE_26_04_2002.PDF
Patch6:		openssl-1.0.2-icpbrasil.patch
Patch7:		openssl-1.0.2-defaults.patch
Patch8:		openssl-0.9.8a-link-krb5.patch
Patch12:	openssl-1.0.2-x509.patch
Patch13:	openssl-1.1.0-version-add-engines.patch
Patch303:	openssl-1.1.0-no-rpath.patch
BuildRequires:	bc
%{?_with_krb5:BuildRequires:	krb5-devel}
BuildRequires:	sctp-devel
BuildRequires:	pkgconfig(zlib)
Requires:	%{engines_name} = %{EVRD}
Requires:	perl-base
Requires:	rootcerts
Provides:	/usr/bin/openssl

%description
The openssl certificate management tool and the shared libraries that provide
various encryption and decription algorithms and protocols, including DES, RC4,
RSA and SSL.

%files
%doc FAQ INSTALL LICENSE NEWS main-doc-info/README*
%doc README README.ENGINE
%dir %{_sysconfdir}/pki
%dir %{_sysconfdir}/pki/CA
%dir %{_sysconfdir}/pki/CA/private
%dir %{_sysconfdir}/pki/tls
%dir %{_sysconfdir}/pki/tls/certs
%dir %{_sysconfdir}/pki/tls/misc
%dir %{_sysconfdir}/pki/tls/private
%dir %{_sysconfdir}/pki/tls/rootcerts
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/pki/tls/openssl.cnf
%attr(0755,root,root) %{_sysconfdir}/pki/tls/certs/make-dummy-cert
%attr(0644,root,root) %{_sysconfdir}/pki/tls/certs/Makefile
%attr(0755,root,root) %{_sysconfdir}/pki/tls/misc/*
%attr(0755,root,root) %{_bindir}/*
%attr(0644,root,root) %{_mandir}/man[157]/*

#----------------------------------------------------------------------------

%package -n %{engines_name}
Summary:	Engines for openssl
Group:		System/Libraries
Provides:	openssl-engines = %{EVRD}

%description -n %{engines_name}
This package provides engines for openssl.

%files -n %{engines_name}
%attr(0755,root,root) %dir %{_libdir}/engines-%{major}/
%attr(0755,root,root) %{_libdir}/engines-%{major}/*.so

#----------------------------------------------------------------------------

%package -n %{libcrypto}
Summary:	Secure Sockets Layer communications libs
Group:		System/Libraries
Conflicts:	%{_lib}openssl1.0.0 < 1.0.1n

%description -n %{libcrypto}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

%files -n %{libcrypto}
%doc FAQ INSTALL LICENSE NEWS README*
%{_libdir}/libcrypto.so.%{major}*

#----------------------------------------------------------------------------

%package -n %{libssl}
Summary:	Secure Sockets Layer communications libs
Group:		System/Libraries
Conflicts:	%{_lib}openssl1.0.0 < 1.0.1n
Obsoletes:	%{_lib}openssl1.0.0 < 1.0.1n
# needed to avoid undefined symbols in rpm (rpm depends on neon library)
Conflicts:	%{_lib}neon0.27 < 0.30.1
# needed to avoid undefined symbols in curl and wget as they block update
Conflicts:	curl < 1:7.47.1
Conflicts:	wget < 1.17.1

%description -n %{libssl}
The libraries files are needed for various cryptographic algorithms
and protocols, including DES, RC4, RSA and SSL.

%files -n %{libssl}
%doc FAQ INSTALL LICENSE NEWS README*
%{_libdir}/libssl.so.%{major}*

#----------------------------------------------------------------------------

%package -n %{devname}
Summary:	Secure Sockets Layer communications libs & headers & utils
Group:		Development/Other
Requires:	%{libssl} = %{EVRD}
Requires:	%{libcrypto} = %{EVRD}
Provides:	libopenssl-devel
Provides:	openssl-devel = %{EVRD}
Provides:	%{name}-devel = %{EVRD}

%description -n %{devname}
The libraries and include files needed to compile apps with support
for various cryptographic algorithms and protocols, including DES, RC4, RSA
and SSL.

%files -n %{devname}
%doc CHANGES doc/*
%dir %{_includedir}/openssl
%{multiarch_includedir}/openssl/opensslconf.h
%{_includedir}/openssl/*
%{_libdir}/libcrypto.so
%{_libdir}/libssl.so
%{_mandir}/man3/*
%{_libdir}/pkgconfig/*

#----------------------------------------------------------------------------

%package -n %{staticname}
Summary:	Secure Sockets Layer communications static libs
Group:		Development/Other
Requires:	%{devname} = %{EVRD}
Provides:	libopenssl-static-devel
Provides:	openssl-static-devel = %{EVRD}
Provides:	%{name}-static-devel = %{EVRD}

%description -n %{staticname}
The static libraries needed to compile apps with support for various
cryptographic algorithms and protocols, including DES, RC4, RSA and SSL.

%files -n %{staticname}
%attr(0644,root,root) %{_libdir}/lib*.a

#----------------------------------------------------------------------------

%prep
%setup -q
%patch6 -p1 -b .icpbrasil
%patch7 -p1 -b .defaults
%{?_with_krb5:%patch8 -p1 -b .krb5}
%patch12 -p1 -b .x509
%patch13 -p1 -b .version-add-engines

%patch303 -p1 -b .no-rpath

# Add -Wa,--noexecstack here so that libcrypto's assembler modules will be
# marked as not requiring an executable stack.
sed -i -e 's|-O3|%{optflags} -Wa,--noexecstack|g' Configurations/10-main.conf

cp %{SOURCE2} Makefile.certificate
cp %{SOURCE3} make-dummy-cert
cp %{SOURCE4} openssl-thread-test.c

%build
%serverbuild

# Figure out which flags we want to use.
# default
sslarch=%{_os}-%{_arch}
%ifarch %{ix86}
sslarch=linux-elf
if ! echo %{_target} | grep -q i[56]86 ; then
    sslflags="no-asm"
fi
%endif
%ifarch %{arm}
sslarch=linux-generic32
%endif


# ia64, x86_64, ppc, ppc64 are OK by default
# Configure the build tree.  Override OpenSSL defaults with known-good defaults
# usable on all platforms.  The Configure script already knows to use -fPIC and
# RPM_OPT_FLAGS, so we can skip specifiying them here.
./Configure \
    --openssldir=%{_sysconfdir}/pki/tls ${sslflags} \
    --prefix=%{_prefix} --libdir=%{_lib}/ %{?_with_krb5:--with-krb5-flavor=MIT -I%{_prefix}/kerberos/include -L%{_prefix}/kerberos/%{_lib}} \
    zlib enable-camellia enable-seed enable-rfc3779 enable-sctp \
    enable-cms enable-md2 enable-rc5 enable-ssl3 enable-ssl3-method \
    no-mdc2 no-ec2m no-gost no-srp \
    shared ${sslarch}

%make all

%install
%makeinstall_std

# make the rootcerts dir
install -d %{buildroot}%{_sysconfdir}/pki/tls/rootcerts

# Install a makefile for generating keys and self-signed certs, and a script
# for generating them on the fly.
install -d %{buildroot}%{_sysconfdir}/pki/tls/certs
install -m0644 Makefile.certificate %{buildroot}%{_sysconfdir}/pki/tls/certs/Makefile
install -m0755 make-dummy-cert %{buildroot}%{_sysconfdir}/pki/tls/certs/make-dummy-cert

# Pick a CA script.
mv %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl %{buildroot}%{_sysconfdir}/pki/tls/misc/CA

install -d %{buildroot}%{_sysconfdir}/pki/CA
install -d %{buildroot}%{_sysconfdir}/pki/CA/private

# openssl was named ssleay in "ancient" times.
ln -snf openssl %{buildroot}%{_bindir}/ssleay

# The man pages rand.3 and passwd.1 conflict with other packages
# Rename them to ssl-* and also make a symlink from openssl-* to ssl-*
mv %{buildroot}%{_mandir}/man1/passwd.1 %{buildroot}%{_mandir}/man1/ssl-passwd.1
ln -sf ssl-passwd.1%{_extension} %{buildroot}%{_mandir}/man1/openssl-passwd.1%{_extension}

rm -rf {main,devel}-doc-info
mkdir -p {main,devel}-doc-info
cat - << EOF > main-doc-info/README.Mandriva-manpage
Warning:
The man page of passwd, passwd.1, has been renamed to ssl-passwd.1
to avoid a conflict with passwd.1 man page from the package passwd.
EOF

chmod 755 %{buildroot}%{_libdir}/pkgconfig

%multiarch_includes %{buildroot}%{_includedir}/openssl/opensslconf.h

# strip cannot touch these unless 755
chmod 755 %{buildroot}%{_libdir}/engines-%{major}/*.so*
chmod 755 %{buildroot}%{_libdir}/*.so*
chmod 755 %{buildroot}%{_bindir}/*

# Fix libdir.
pushd %{buildroot}%{_libdir}/pkgconfig
    for i in *.pc ; do
	sed 's,^libdir=${exec_prefix}/lib$,libdir=${exec_prefix}/%{_lib},g' \
	    $i >$i.tmp && \
	    cat $i.tmp >$i && \
	    rm -f $i.tmp
    done
popd

# adjust ssldir
perl -pi -e "s|^CATOP=.*|CATOP=%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA
perl -pi -e "s|^\\\$CATOP\=\".*|\\\$CATOP\=\"%{_sysconfdir}/pki/tls\";|g" %{buildroot}%{_sysconfdir}/pki/tls/misc/CA.pl
perl -pi -e "s|\./demoCA|%{_sysconfdir}/pki/tls|g" %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf

# drop example config
rm -f %{buildroot}%{_sysconfdir}/pki/tls/openssl.cnf.dist

%check
# Verify that what was compiled actually works.
export LD_LIBRARY_PATH=`pwd`${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}

make test

gcc -o openssl-thread-test \
    %{?_with_krb5:`krb5-config --cflags`} \
    -I./include \
    %{optflags} \
    openssl-thread-test.c \
    -L. -lssl -lcrypto \
    %{?_with_krb5:`krb5-config --libs`} \
    -lpthread -lz -ldl

./openssl-thread-test --threads 1